Rule ID
SV-88891r2_rule
Version
V1R4
CCIs
If a Threat Intelligence Exchange (TIE) server is being used in the organization, reputation for files and certificates is fetched from the TIE server. The reputation values control execution at endpoints and are displayed on the Application Control pages on the McAfee ePO console. If the GTI is being used, reputation for files and certificates is fetched from the McAfee GTI. For both methods, the administrator can review the reputation values and make informed decisions for inventory items in the enterprise.
NOTE: This requirement is Not Applicable on a classified SIPRNet or otherwise closed network. From the ePO server console System Tree, select the "Systems" tab. Select "This Group and All Subgroups". Select the asset to be validated. Select "Actions". Select "Agent". Select "Modify Policies on a Single System". From the product pull-down list, select Solidcore 7.x: Application Control. From the "Policy" column, select the policy associated with the Category "Application Control Options (Windows)" that is specific for the asset being reviewed. Select the "Reputation" tab. Verify the "Use McAfee Global Threat Intelligence (McAfee GTI)" option is selected. Note: The "McAfee GTI" option must be selected, as a failover, even if an internal McAfee TIE server is configured. If the "McAfee GTI" option is not selected, this is a finding.
From the ePO server console System Tree, select the "Systems" tab. Select "This Group and All Subgroups". Select the asset. Select "Actions". Select "Agent". Select "Modify Policies on a Single System". From the product pull-down list, select Solidcore 7.x: Application Control. From the "Policy" column, select the policy associated with the Category "Application Control Options (Windows)" that is specific for the asset being reviewed. Select the "Reputation" tab. Place a check in the "Use McAfee Global Threat Intelligence (McAfee GTI)" option. Click "Save".